A few days back, hacking group LulzSec (sorta-but-not-quite attached to Anonymous) released a text file to Twitter. It contained 56,000 email accounts and attached passwords for the users of Pron.com, a porn site. It also had the logins of a load of administrators.
Now, initially, you might be tempted to think so the fuck what. A load of people had their porn access compromised, boo hoo. And yeah, normally, so what. But what happened was far more dangerous than that, because a huge percentage of those users made the second dumbest mistake possible as passwords go.
They used the same password for their pron.com account as they did for their email. And that email was also the account attached to their Facebook page, or their MySpace, or Twitter, or their dating site logins, etc. Anybody who cared to could log in to their email, go to Facebook and use the ‘forgot my password’ option, have a new password sent to the email address they now control, and bam, they’re in.
A whole lot of people came out of the closet on social media sites over the weekend. I imagine it was quite the surprise to them. One particular instance that became popular was the account of one woman who had been keeping racy photos of herself in that email account. Said photos were posted to her FB, Twitter, etc.
The lesson here is this: don’t re-use passwords. It’s not like it’s difficult anymore, either. Every browser there is (I still use and recommend Opera) has a built-in password keeper that can automatically log you in. Better than that would be to use an encrypted vault application like KeePass which will let you save them on your computer, without the risk of tossing it out on the internet.
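One way to act on that lesson before a leak forces the issue is to audit your own vault for reuse. The script below is an added example, not something from the original post or from KeePass; it assumes a CSV export with `site,username,password` columns (KeePass can export CSV, but the exact column names are an assumption here) and uses constructed sample rows. It groups accounts that share a password, reporting only a hash prefix so the report never echoes the plaintext, and answers the question the post raises: if one site is breached, which other accounts fall with it?

```python
import csv
import hashlib
import io
from collections import defaultdict

# Constructed sample vault export (not real data). Alice reuses one password
# across the porn site, her mail account and Facebook; Bob reuses across two sites.
SAMPLE_EXPORT = """site,username,password
pron.com,alice@example.com,Summer2011!
mail.example.com,alice@example.com,Summer2011!
facebook.com,alice@example.com,Summer2011!
bank.example,alice@example.com,9f#Lq2z!vT8w
twitter.com,bob@example.com,hunter2
forum.example,bob@example.com,hunter2
"""


def parse_export(text):
    """Parse a site,username,password CSV export into (site, username, password) tuples."""
    reader = csv.DictReader(io.StringIO(text))
    return [(row["site"], row["username"], row["password"]) for row in reader]


def fingerprint(password):
    """Short SHA-256 prefix used to label a password in reports without revealing it."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()[:12]


def find_reuse(entries):
    """Map fingerprint -> sorted list of (site, username) for every password used more than once."""
    by_password = defaultdict(list)
    for site, user, pw in entries:
        by_password[pw].append((site, user))
    return {
        fingerprint(pw): sorted(accounts)
        for pw, accounts in by_password.items()
        if len(accounts) > 1
    }


def exposed_by(entries, breached_site):
    """Other accounts that fall if `breached_site` leaks its credentials.

    Models the chain in the post: same username (email) and same password on
    another site means the attacker can log straight in there too.
    """
    leaked = {(user, pw) for site, user, pw in entries if site == breached_site}
    return sorted(
        site
        for site, user, pw in entries
        if site != breached_site and (user, pw) in leaked
    )


def report(text, breached_site):
    entries = parse_export(text)
    lines = []
    for fp, accounts in sorted(find_reuse(entries).items()):
        sites = ", ".join(f"{site} ({user})" for site, user in accounts)
        lines.append(f"password {fp}... reused on: {sites}")
    fallout = exposed_by(entries, breached_site)
    lines.append(f"if {breached_site} leaks, also compromised: {', '.join(fallout) or 'nothing'}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_EXPORT, "pron.com"))
```

Run it against a real export and every line in the first part of the report is a password to rotate; the last line is the blast radius of a single breach, which is exactly what turned a porn-site leak into hijacked Facebook and Twitter accounts.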
At any rate, I support LulzSec in its endeavors. Security is important, and this sort of thing is apparently the only way people are going to start paying attention to it.